Re: Jeremy Druin's Web App Pen-testing Videos (@webpwnized)

[Xander Solis <xrsolis () gmail com>]

Awesome work Jeremy and Adrian. This will help a lot.

On Thu, Mar 15, 2012 at 1:05 AM, Adrian Crenshaw <irongeek () irongeek com>wrote:

> I knew when my homie Jeremy Druin's took over 
> Mutillidae<http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10>that he 
> was doing more work on it than I ever did, but I did not realize
> the number of videos and subjects he has covered with it! I hope the list
> below comes out ok in your email viewer. If not, here is the index:
>
> http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae
>
>
>
>
>    1.
>
>    Determine Http Methods Using 
> Netcat<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#determine-http-methods-using-netcat>
>    2.
>
>    Determine Server Banners Using Netcat Nikto And 
> W3af<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#determine-server-banners-using-netcat-nikto-and-w3af>
>    3.
>
>    Bypass Authentication Using SQL 
> Injection<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#bypass-authentication-using-sql-injection>
>    4.
>
>    Using 
> Menus<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#using-menus>
>    5.
>
>    Bypass Authentication Via Authentication Token 
> Manipulation<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#bypass-authentication-via-authentication-token-manipulation>
>    6.
>
>    Explanation Of HTTPonly Cookies In Presense Of Cross Site Scripting
>    
> <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#explanation-of-httponly-cookies-in-presense-of-cross-site-scripting>
>    7.
>
>    Closer Look At Cache Control And Pragma No Cache 
> Headers<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#closer-look-at-cache-control-and-pragma-no-cache-headers>
>    8.
>
>    Demonstration Of Frame Busting Javascript And X-Frame Options 
> Header<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#demonstration-of-frame-busting-javascript-and-x-frame-options-header>
>    9.
>
>    How To Install And Configure Burp Suite With 
> Firefox<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-install-and-configure-burp-suite-with-firefox>
>    10.
>
>    Basics Of Web Request And Response Interception Using Burp 
> Suite<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-web-request-and-response-interception-using-burp-suite>
>    11.
>
>    Brute Force Authentication Using Burp 
> Intruder<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#brute-force-authentication-using-burp-intruder>
>    12.
>
>    Automate SQL Injection Using SQLMap To Dump Credit Cards 
> Table<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#automate-sql-injection-using-sqlmap-to-dump-credit-cards-table>
>    13.
>
>    Command Injection To Dump Files Start Services Disable 
> Firewall<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#command-injection-to-dump-files-start-services-disable-firewall>
>    14.
>
>    How To Exploit Local File Inclusion Vulnerability Using Burp 
> Suite<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-exploit-local-file-inclusion-vulnerability-using-burp-suite>
>    15.
>
>    HTML Injection To Popup Fake Login Form And Capture 
> Credentials<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#html-injection-to-popup-fake-login-form-and-capture-credentials>
>    16.
>
>    Two Methods To Steal Session Tokens Using Cross Site 
> Scripting<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#two-methods-to-steal-session-tokens-using-cross-site-scripting>
>    17.
>
>    How To Bypass Maxlength Restrictions On HTML Input 
> Fields<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-bypass-maxlength-restrictions-on-html-input-fields>
>    18.
>
>    Two Methods To Bypass Javascript 
> Validation<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#two-methods-to-bypass-javascript-validation>
>    19.
>
>    Three Methods For Viewing Http Request And Response 
> Headers<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#three-methods-for-viewing-http-request-and-response-headers>
>    20.
>
>    Basics Of SQL Injection Timing Attacks
>    
> <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-sql-injection-timing-attacks>
>    21.
>
>    Basics Of SQL Injection Using 
> Union<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-sql-injection-using-union>
>    22.
>
>    Basics Of Inserting Data With SQL 
> Injection<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-inserting-data-with-sql-injection>
>     23.
>
>    Inject Root Web Shell Backdoor Via SQL Injection
>    
> <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#inject-root-web-shell-backdoor-via-sql-injection>
>    24.
>
>    Basics Of Using SQL Injection To Read Files From Operating 
> System<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-using-sql-injection-to-read-files-from-operating-system>
>    25.
>
>    How To Locate The Easter Egg File Using Command Injection
>    
> <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-locate-the-easter-egg-file-using-command-injection>
>    26.
>
>    Injecting Cross Site Script Into Stylesheet Context
>    
> <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#injecting-cross-site-script-into-stylesheet-context>
>    27.
>
>    Introduction To Http Parameter Pollution
>    
> <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#introduction-to-http-parameter-pollution>
>    28.
>
>    Basics Of Injecting Cross Site Script Into HTML Onclick Event
>    
> <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-injecting-cross-site-script-into-HTML-onclick-event>
>    29.
>
>    Basics Of Finding Reflected Cross Site Scripting
>    
> <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-finding-reflected-cross-site-scripting>
>    30.
>
>    Analyze Session Token Randomness Using Burp Suite Sequencer
>    
> <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#analyze-session-token-randomness-using-burp-suite-sequencer>
>    31.
>
>    Using Nmap To Fingerprint Http Servers And Web Applications
>    
> <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#using-nmap-to-fingerprint-http-servers-and-web-applications>
>    32.
>
>    Spidering Web Applications With Burp Suite
>    
> <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#spidering-web-applications-with-burp-suite>
>    33.
>
>    Basics Of Burp Suite Targets Tab And Scope Settings
>    
> <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-burp-suite-targets-tab-and-scope-settings>
>    34.
>
>    Brute Force Page Names Using Burp Intruder Sniper
>    
> <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#brute-force-page-names-using-burp-intruder-sniper>
>    35.
>
>    Using Burp Intruder Sniper To Fuzz 
> Parameters<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#using-burp-intruder-sniper-to-fuzz-parameters>
>    36.
>
>    Comparing Burp Intruder Modes Sniper Battering RAM Pitchfork Cluster
>    Bomb
>    
> <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#comparing-burp-intruder-modes-sniper-battering-ram-pitchfork-cluster-bomb>
>    37.
>
>    Demo Usage Of Burp Suite Comparer Tool
>    
> <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#demo-usage-of-burp-suite-comparer-tool>
>    38.
>
>    Import Custom Nmap Scans Into Metasploit Community 
> Edition<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#import-custom-nmap-scans-into-metasploit-community-edition>
>    39.
>
>    Using Metasploit Community Edition To Locate Web Servers
>    
> <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#using-metasploit-community-edition-to-locate-web-servers>
>    40.
>
>    XSS DNS Lookup Page Bypassing Javascript Validation
>    
> <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#xss-dns-lookup-page-bypassing-javascript-validation>
>    41.
>
>    Use Burp Suite Sequencer To Compare Csrf Token 
> Strengths<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#use-burp-suite-sequencer-to-compare-csrf-token-strengths>
>    42.
>
>    How To Remove PHP Errors After Installing On Windows 
> Xampp<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-remove-php-errors-after-installing-on-windows-xampp>
>    43.
>
>    Quickstart Guide To Installing On Windows With 
> Xampp<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#quickstart-guide-to-installing-on-windows-with-xampp>
>    44.
>
>    Basics Of Running Nessus Scan On Backtrack 5 R1
>    
> <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-running-nessus-scan-on-backtrack-5-r1>
>    45.
>
>    How To Import Nessus Scans Into Metasploit Community Edition
>    
> <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-import-nessus-scans-into-metasploit-community-edition>
>    46.
>
>    Basics Of Exploiting Vulnerabilities With Metasploit Community Edition
>    
> <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-exploiting-vulnerabilities-with-metasploit-community-edition>
>    47.
>
>    Sending Persistent Cross Site Scripts Into Web Logs To Snag Web Admin
>    
> <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#sending-persistent-cross-site-scripts-into-web-logs-to-snag-web-admin>
>    48.
>
>    Quick Start Overview Of Useful Pen-Testing Addons For 
> Firefox<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#quick-start-overview-of-useful-pen-testing-addons-for-firefox>
>    49.
>
>    Three Methods For Viewing Javascript Include Files
>    
> <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#three-methods-for-viewing-javascript-include-files>
>    50.
>
>    Reading Hidden Values From HTML5 Dom Storage
>    
> <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#reading-hidden-values-from-html5-dom-storage>
>    51.
>
>    How To Execute Javascript On The Urlbar In Modern Browsers
>    
> <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-execute-javascript-on-the-urlbar-in-modern-browsers>
>    52.
>
>    Adding Values To Dom Storage Using Cross Site 
> Scripting<http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#adding-values-to-dom-storage-using-cross-site-scripting>
>
>
>
> --
> "The ability to quote is a serviceable substitute for wit." ~ W. Somerset
> Maugham
> "The ability to Google can be a serviceable substitute for technical
> knowledge." ~ Adrian D. Crenshaw
>
>
>
>
> --
> "The ability to quote is a serviceable substitute for wit." ~ W. Somerset
> Maugham
> "The ability to Google can be a serviceable substitute for technical
> knowledge." ~ Adrian D. Crenshaw
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com